dh-group-exchange-sha1 has a variable-size DH modulus that can be regenerated on the server. Specify a small modulus to see if the server will oblige. I believe the smallest acceptable DH modulus for the client and server is used, but put max 1024 so that it is clear if a success is an issue. If there is no connection, you'll get "ssh: handshake failed: EOF" in the error key.
ssh-hostkey uses the fetch_host_key
This function includes a kexchange that we could probably reuse to get the prime size
https://github.com/nmap/nmap/blob/a7638f57c88cb1b5da949147729fca76a0f332c5/nselib/ssh2.lua#L224-L249
We should be able to grab the modulus/prime size from there. But we can't guarantee that the negotiated kex algorithms will be the vulnerable ones. Basically, if the host supports group1-sha1 then it is vulnerable, but we need to check the modulus size for a group-exchange-sha1.
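An offline sketch of the two checks discussed in this issue, added here as an example and not code from nmap or from any commenter: it reads the kex_algorithms list from a KEXINIT payload and the prime size from a KEX_DH_GEX_GROUP payload. The function names, the constructed sample payloads and the 1024-bit cut-off (taken from the "max 1024" comment) are assumptions; payloads are SSH packet payloads with the outer packet framing already removed.

```python
import struct

SSH_MSG_KEXINIT = 20           # RFC 4253
SSH_MSG_KEX_DH_GEX_GROUP = 31  # RFC 4419
MAX_WEAK_BITS = 1024           # assumption: cut-off taken from the "max 1024" in the thread

def read_string(buf, off):
    """Read an RFC 4251 'string' (uint32 length + bytes); return (bytes, next offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated string body")
    return buf[off + 4:end], end

def kex_algorithms(payload):
    """kex_algorithms name-list of a KEXINIT payload (type byte, 16-byte cookie, lists)."""
    if not payload or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not SSH_MSG_KEXINIT")
    names, _ = read_string(payload, 17)
    return names.decode("ascii").split(",")

def gex_prime_bits(payload):
    """Bit length of p in a KEX_DH_GEX_GROUP payload (type byte, mpint p, mpint g)."""
    if not payload or payload[0] != SSH_MSG_KEX_DH_GEX_GROUP:
        raise ValueError("not SSH_MSG_KEX_DH_GEX_GROUP")
    p, _ = read_string(payload, 1)
    # mpints are two's complement, so the leading 0x00 pad byte is not counted.
    return int.from_bytes(p, "big", signed=True).bit_length()

def assess(algs, gex_bits=None):
    """Apply the two rules from the thread and return a list of findings."""
    findings = []
    if "diffie-hellman-group1-sha1" in algs:
        findings.append("group1-sha1 offered")
    if gex_bits is not None and gex_bits <= MAX_WEAK_BITS:
        findings.append(f"group-exchange prime is {gex_bits} bits")
    return findings

def mpint(n):
    """Encode a positive integer as an mpint; used only to build the samples below."""
    raw = n.to_bytes(n.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(raw)) + raw

# Constructed sample payloads (not captured from a real host; p is not a real prime).
NAMES = b"diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1"
SAMPLE_KEXINIT = bytes([SSH_MSG_KEXINIT]) + bytes(16) + struct.pack(">I", len(NAMES)) + NAMES
SAMPLE_GEX_GROUP = bytes([SSH_MSG_KEX_DH_GEX_GROUP]) + mpint((1 << 1023) | 1) + mpint(2)
if __name__ == "__main__":
    print(assess(kex_algorithms(SAMPLE_KEXINIT), gex_prime_bits(SAMPLE_GEX_GROUP)))
```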